Chrome 51最新版アップデートで、新しいAPIやより効率的なページレンダリング新機能

GoogleはChromeのMac/Windows/Linux向け最新版「Chrome 51.0.2704.63」をリリースしました。今回のアップデートでは42件のセキュリティ問題に対処しています。

Chrome最新版「Chrome 51.0.2704.63」では、42件のセキュリティ問題に対処しており、不具合の修正および新しいAPIやより効率的なページレンダリング新機能の追加が行われています。

セキュリティ問題については、外部からの報告による脆弱性が’23件、セキュリテ修正の深刻度の内訳は、4段階中で上から2番目の“High”が9件、上から3番目の“Medium”が10件となっています。Blink内のクロスオリジンバイパスの脆弱性や、V8のヒープオーバーフローやヒープ解放後の問題などの脆弱性が修正されています。

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 42 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

• [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
• [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
• [$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
• [$7500][600182<] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
• [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
• [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
• [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
• [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
• [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
• [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
• [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
• [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
• [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
• [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
• [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
• [$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
• [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
• [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
• [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
• [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
• [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
• [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
• [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester.

▶︎Chrome Releases: Stable Channel Update

最新版へのアップデートについては、そのままにしていても自動で行われます。でも、今すぐにアップデートしたい場合には、Chromeの画面右上のメニューアイコンから行うことが出来ます。